RepoMirrors
/
openssh
mirror of git://anongit.mindrot.org/openssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- djm@cvs.openbsd.org 2013/06/21 00:34:49 

[auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c]
     for hostbased authentication, print the client host and user on
     the auth success/failure line; bz#2064, ok dtucker@
This commit is contained in:
Damien Miller 2013-07-18 16:10:09 +10:00
parent 3071070b39
commit 20bdcd7236
6 changed files with 40 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -12,6 +12,10 @@
- markus@cvs.openbsd.org 2013/06/20 19:15:06 - markus@cvs.openbsd.org 2013/06/20 19:15:06
[krl.c] [krl.c]
don't leak the rdata blob on errors; ok djm@ don't leak the rdata blob on errors; ok djm@
- djm@cvs.openbsd.org 2013/06/21 00:34:49
[auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c]
for hostbased authentication, print the client host and user on
the auth success/failure line; bz#2064, ok dtucker@
20130702 20130702
- (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config

4
auth-rsa.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth-rsa.c,v 1.83 2013/05/19 02:42:42 djm Exp $ */ /* $OpenBSD: auth-rsa.c,v 1.84 2013/06/21 00:34:49 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -332,7 +332,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
* options; this will be reset if the options cause the * options; this will be reset if the options cause the
* authentication to be rejected. * authentication to be rejected.
*/ */
pubkey_auth_info(authctxt, key); pubkey_auth_info(authctxt, key, NULL);
packet_send_debug("RSA authentication accepted."); packet_send_debug("RSA authentication accepted.");
return (1); return (1);

5
auth.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth.h,v 1.74 2013/05/19 02:42:42 djm Exp $ */ /* $OpenBSD: auth.h,v 1.75 2013/06/21 00:34:49 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -122,7 +122,8 @@ int auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
int user_key_allowed(struct passwd *, Key *); int user_key_allowed(struct passwd *, Key *);
void pubkey_auth_info(Authctxt *, const Key *); void pubkey_auth_info(Authctxt *, const Key *, const char *, ...)
__attribute__((__format__ (printf, 3, 4)));
struct stat; struct stat;
int auth_secure_path(const char *, struct stat *, const char *, uid_t, int auth_secure_path(const char *, struct stat *, const char *, uid_t,

6
auth2-hostbased.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-hostbased.c,v 1.15 2013/05/17 00:13:13 djm Exp $ */ /* $OpenBSD: auth2-hostbased.c,v 1.16 2013/06/21 00:34:49 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* *
@ -116,6 +116,10 @@ userauth_hostbased(Authctxt *authctxt)
#ifdef DEBUG_PK #ifdef DEBUG_PK
buffer_dump(&b); buffer_dump(&b);
#endif #endif
pubkey_auth_info(authctxt, key,
"client user \"%.100s\", client host \"%.100s\"", cuser, chost);
/* test for allowed key and correct signature */ /* test for allowed key and correct signature */
authenticated = 0; authenticated = 0;
if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) && if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&

28
auth2-pubkey.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-pubkey.c,v 1.37 2013/05/19 02:38:28 djm Exp $ */ /* $OpenBSD: auth2-pubkey.c,v 1.38 2013/06/21 00:34:49 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* *
@ -147,7 +147,7 @@ userauth_pubkey(Authctxt *authctxt)
#ifdef DEBUG_PK #ifdef DEBUG_PK
buffer_dump(&b); buffer_dump(&b);
#endif #endif
pubkey_auth_info(authctxt, key); pubkey_auth_info(authctxt, key, NULL);
/* test for correct signature */ /* test for correct signature */
authenticated = 0; authenticated = 0;
@ -190,23 +190,37 @@ done:
} }
void void
pubkey_auth_info(Authctxt *authctxt, const Key *key) pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
{ {
char *fp; char *fp, *extra;
va_list ap;
int i;
extra = NULL;
if (fmt != NULL) {
va_start(ap, fmt);
i = vasprintf(&extra, fmt, ap);
va_end(ap);
if (i < 0 || extra == NULL)
fatal("%s: vasprintf failed", __func__);
}
if (key_is_cert(key)) { if (key_is_cert(key)) {
fp = key_fingerprint(key->cert->signature_key, fp = key_fingerprint(key->cert->signature_key,
SSH_FP_MD5, SSH_FP_HEX); SSH_FP_MD5, SSH_FP_HEX);
auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s", auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s",
key_type(key), key->cert->key_id, key_type(key), key->cert->key_id,
(unsigned long long)key->cert->serial, (unsigned long long)key->cert->serial,
key_type(key->cert->signature_key), fp); key_type(key->cert->signature_key), fp,
extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
free(fp); free(fp);
} else { } else {
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
auth_info(authctxt, "%s %s", key_type(key), fp); auth_info(authctxt, "%s %s%s%s", key_type(key), fp,
extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
free(fp); free(fp);
} }
free(extra);
} }
static int static int

7
monitor.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.c,v 1.125 2013/05/19 02:42:42 djm Exp $ */ /* $OpenBSD: monitor.c,v 1.126 2013/06/21 00:34:49 djm Exp $ */
/* /*
* Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org> * Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -1165,7 +1165,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
case MM_USERKEY: case MM_USERKEY:
allowed = options.pubkey_authentication && allowed = options.pubkey_authentication &&
user_key_allowed(authctxt->pw, key); user_key_allowed(authctxt->pw, key);
pubkey_auth_info(authctxt, key); pubkey_auth_info(authctxt, key, NULL);
auth_method = "publickey"; auth_method = "publickey";
if (options.pubkey_authentication && allowed != 1) if (options.pubkey_authentication && allowed != 1)
auth_clear_options(); auth_clear_options();
@ -1174,6 +1174,9 @@ mm_answer_keyallowed(int sock, Buffer *m)
allowed = options.hostbased_authentication && allowed = options.hostbased_authentication &&
hostbased_key_allowed(authctxt->pw, hostbased_key_allowed(authctxt->pw,
cuser, chost, key); cuser, chost, key);
pubkey_auth_info(authctxt, key,
"client user \"%.100s\", client host \"%.100s\"",
cuser, chost);
auth_method = "hostbased"; auth_method = "hostbased";
break; break;
case MM_RSAHOSTKEY: case MM_RSAHOSTKEY: